var express = require('express');
var router = express.Router();

/* GET home page. */
router.get('/', function(req, res, next) {
  res.set('X-XSS-Protection', 0);
  res.render('index', { title: 'Express', xss:req.query.xss });
});

let comment = {};

router.get('/setComment', function(req, res, next) {
  comment.v = req.query.comment;
  res.render('submit', { title: '提交成功'});
});

router.get('/comment', function(req, res, next) {
  res.render('result', { title: '上次提交的内容', xss:comment.v });
});

module.exports = router;
